Please enable JavaScript to view this site.

MDaemon Email Server 24.5

Navigation: Setup Menu > Gateway Manager > Gateway Editor

Verification

Scroll Prev Top Next More

One common problem with domain gateways and mail-drops is that they don't usually have a method for determining whether or not the recipient of an incoming message is valid. For instance, if you act as a gateway for example.com and a message comes for user01@example.com then you have no way of knowing whether or not there is actually a mailbox, alias, or mailing list corresponding to that address on example.com's email server. Thus you have no choice but to assume that the address is valid and accept the message. Further, since spammers commonly send messages to many invalid addresses, this problem can result in large amounts of junk email being accepted for the gateway.

MDaemon contains a method to prevent this by verifying the recipient addresses. If the remote domain's server is configured to keep an LDAP or Active Directory server up to date with all of its mailboxes, aliases, and mailing lists, or if it runs a Minger server to provide remote address verification, then you can use the options on this screen to specify the LDAP, Active Directory, or Minger server where this information is stored. Then, when a message arrives for example.com, you can lookup the recipient's address on the other server and discover whether or not it is valid.

Address Verification

Verify addresses using:

Nothing

Choose this option if you do not wish to use email address verification for this domain gateway. MDaemon will treat all of the domain's incoming messages as if the recipient is a valid address, since it will have no way of identifying which addresses actually exist for that domain.

File

Choose this option if you wish to use the GatewayUsers.dat file as the definitive list of addresses that will be used to verify whether or not the recipient of an incoming message for this domain is valid. This is a global list of addresses, applicable to all of your domain gateways, and even if you have chosen to use one of the other verification methods, this list will still be used as an extra source of valid addresses. When using the File option, however, it will be the only verification option used. You can open and edit the valid address list by clicking the Address verification file button below.

LDAP

Choose this option to activate remote address verification via LDAP or Active Directory. Whenever a message arrives for the remote domain its LDAP or Active Directory server will be queried to determine whether or not the recipient is valid. If it isn't valid the message will be rejected. If MDaemon is unable to connect to the LDAP/AD server then it will assume the address is valid.

Minger

Choose this option if you wish to query the domain's Minger server to verify recipient addresses for this domain. If MDaemon is unable to connect to the server then it will assume the address is valid. There is also a global option located on Global Gateway Settings that you can use to cause MDaemon to query your Domain Sharing hosts as well.

Host name or IP

Enter the host name or IP address of the domain's LDAP/Active Directory or Minger server. This is the LDAP/AD or Minger server to which MDaemon will connect in order to verify that the recipient of an incoming message is a valid address at the domain for which this MDaemon is acting as a gateway or backup server.

Port

Specify the port that the domain's LDAP/AD or Minger server is using. MDaemon will use this port when verifying address information via LDAP, Active Directory, or Minger.

Test

Click this button to test whether or not you have the remote address verification settings configured properly. MDaemon will simply attempt to connect to the designated LDAP/AD server and verify that it responds to the specified information.

Cache

Click this button to open the LDAP/Minger cache. You can enable/disable the cache on Global Gateway Settings.

Server is protocol version 3

Click this checkbox if want gateway verification to use LDAP protocol version 3 with your server.

Chase referrals

Sometimes an LDAP server doesn't have a requested object but may have a cross-reference to its location, to which it can refer the client. If you want gateway verificaiton to chase (i.e. follow) these referrals, enable this option. This is disabled by default.

User name or Bind DN

Enter the User name or DN of the account that has administrative access to the domain's LDAP/AD server so that MDaemon can verify the recipients of incoming messages addressed to the domain for which it is acting as a gateway or backup server. This is the DN used for authentication in the bind operation.

Password or Minger shared secret

This password will be passed to the domain's LDAP/AD server along with the Bind DN value for authentication. If using a Minger server then this is the shared secret or password used.

Base entry DN

This is the Distinguished Name (DN) or starting point in the Directory Information Tree (DIT) at which MDaemon will query your LDAP/AD server for address verification.

Search filter

This is the LDAP/AD search filter that will be used when querying your server to verify addresses. MDaemon will setup a default search filter that should work in most cases.

Search scope:

This is the scope or extent of your LDAP/AD searches.

Base DN only

Choose this option if you wish to limit your search to only the base DN specified above. The search will not proceed below that point in your tree (DIT).

1 level below base DN

Use this option if you wish to extend your LDAP/AD search to one level below the supplied DN in your DIT.

Base DN and all children

This option will extend the scope of your search from the supplied DN to all of its children, down to the lowest child entry in your DIT.

Address verification file

Click this button to open the Gateway Valid Email Address List (i.e. the GatewayUsers.dat file). This contains a list of addresses that MDaemon will consider to be valid recipients for incoming messages addressed to your domain gateways. Regardless of the verification option selected above, MDaemon will use this list as an extra source of valid address data. When using the File option above, however, it will be the definitive and only verification option used.

Using multiple configurations for LDAP verification queries

You can specify multiple LDAP configurations for your gateway domains. To specify extra sets of LDAP parameters, setup your first set normally and then manually edit the GATEWAYS.DAT file using Notepad.

Your new set of parameters should be created using the following format:

LDAPHost1=<host name>

LDAPPort1=<port>

LDAPBaseEntry1=<base entry DN>

LDAPRootDN1=<root DN>

LDAPObjectClass1=USER

LDAPRootPass1=<password>

LDAPMailAttribute1=mail

 

For each new set of parameters, increase the numeral in each parameter's name by 1. For example, in the sample set above, each parameter's name ends with "1". To create an additional set each name would end with "2". In another set, each would end "3", and so on.

When the LDAP queries take place, MDaemon will perform multiple LDAP queries in sequence to find a match.  If an error or a match is found no further checks are performed.

See: